Feature: Security
Spotting and preventing the insider threat
Billions of dollars have been spent over the last few decades on information security in order to “keep the bad guys out,” but with data leaks, laptops left on trains and stolen files, it is clear that companies face an internal risk. This is as true of factory environments as it is of other organisations. John Mutch, CEO of BeyondTrust, talks about securing your company by spotting the insider threat.
This isn’t about lack of trust: humans are not infallible. While some breaches are caused by individuals or gangs with malicious intent, the risk is just as great from accidental breaches, or those caused indirectly, for instance via hackers impersonating the ID of an employee. The situation is exacerbated by the increasing complexity and distributed nature of IT systems, which create more potential points of weakness. This is the case in factory environments, which typically have high volumes of technology-centric systems, devices and processes.
Furthermore, organisations have a tendency to give individuals unnecessary levels of information access. A recent global survey found that more than 60 per cent of ‘privileged’ users have access to that data out of curiosity, not as an essential part of their job function.
Spotting the insider threat
While the insider threat is a very real one, it can largely be avoided with the right combination of technology, processes and policies. It also helps to understand the kind of personalities that may maliciously or inadvertently cause a problem. For instance, one category is disgruntled employees, who may feel ‘hard done by’: perhaps they have been passed over for a promotion or know that they are likely to be in the next round of redundancies.
Here are two real-life examples: a former Goldman Sachs programmer, Sergey Aleynikov, was convicted and received a sentence of eight years for stealing proprietary software source code as he was leaving the company in order to sell those assets to the competition for about $1.2 million. In April 2011, a former network security engineer at Gucci America was indicted on charges that he illegally accessed the company’s network and deleted documents shortly after he was fired, costing Gucci nearly $200,000 in damages.
At the other end of the spectrum are the employees who may have the best intentions but can accidentally be the root cause of major problems. Devastating breaches can stem from innocuous actions such as giving away passwords (either loaning credentials to a colleague, or scribbling them on a sticky note in full view of anyone passing the desk), downloading unauthorised applications or tools that bring in malware, or through email errors. For instance, several years ago, one of the largest banks sent out an email to customers that – due to an internal operator error – exposed recipients’ emails to everyone on the list.
Last but not least is the risk from an individual that does not work for the organisation at all, but who has managed to gain remote access to secure information by impersonating a legitimate internal user. Cyber attacks carried out by sophisticated hackers will increase, unless organisations take action.
Barriers not walls
So, what can be done? The first thing to understand is that the aim should be to create barriers, not walls. Organisations need to implement privilege management, taking the ‘Goldilocks’ approach (not too much privilege, not too little, but ‘just right’). Companies should also investigate what tools specifically designed for managing privilege and preventing data leaks are available.
Systems can cover monitoring and alerts, reporting, and management tools that work through web and code-based interfaces to centrally control requested network tasks. These tasks are then deployed across all end points: cloud, virtual, servers, databases, desktops, and mobile. The latest data loss protection innovations mean that organisations can even prevent employees or contractors from copying precious data onto USB sticks, embedding it into email or even printing out copies.
MARCH 2012 Factory Equipment
Top left: Protect your organisation’s assets from the inside out by securing the perimeter within
Best practice
There are also some very simple best practices that companies can adopt, including forbidding desktop users to operate as ‘administrators’ on their machines. Companies often make this mistake, thinking that this approach saves on hundreds or thousands of calls to the IT helpdesk, but this is a false economy: when individuals are allowed to operate as a local admin, organisations are opened up to serious security threats.
John Mutch, CEO of BeyondTrust
Factories as much as any other organisation face an internal risk from security leaks
Another example is to stop bypassing logging. However tempting this is, without this system of checks and balances, companies cannot have granular control over what is going on, let alone work out what the root cause was when something goes wrong. For the more tech-savvy among readers, use of Microsoft UAC is not enough on its own, because it does not eliminate admin rights altogether and can cause a gaping hole in protection plans.
These are just some of the best practice techniques that can be adopted which, together with the right supporting tools, can stop the ‘insider threat’ in its tracks. With the right ammunition, companies can ensure that data breaches are virtually eliminated: prevention is better than cure.
BeyondTrust T: 0870 458622
www.beyondtrust.com Enter 317